US12363543B2ActiveUtilityA1

5G hyperledger slice security framework

75
Assignee: T MOBILE INNOVATIONS LLCPriority: Dec 8, 2021Filed: Dec 27, 2023Granted: Jul 15, 2025
Est. expiryDec 8, 2041(~15.4 yrs left)· nominal 20-yr term from priority
H04W 12/08H04W 12/48
75
PatentIndex Score
0
Cited by
9
References
20
Claims

Abstract

A method for implementing a slice security zone (SSZ) in a 5G network. The method comprises storing by an SSZ function executing on a first network server an SSZ security profile of the SSZ in a secure storage function, receiving by the SSZ function from a slice management function a slice registration request comprising information relating to a slice security profile of a slice managed by the slice management function, if the slice security profile complies with the SSZ security profile, storing by the SSZ function a slice registration association between the slice and the SSZ in the secure storage function, and sending by the SSZ function to the slice management function a slice registration response comprising information relating to whether the slice was registered in the SSZ.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for administering a slice security zone (SSZ) in a 5G network, the method comprising:
 receiving at an SSZ function executing on a first network server an SSZ communication registration request, the SSZ communication registration request received from a first network function (NF), the SSZ communication registration request comprising an identifier (ID) of the first NF, a first slice ID, a second NF ID, a second slice ID, and a registration communication parameter; 
 determining by the SSZ function whether a registration criterion is met by determining whether a secure storage function includes a first slice registration association between the first slice and the SSZ, a second slice registration association between the second slice and the SSZ, a first NF registration association between the first NF and the SSZ, and a second NF registration association between the second NF and the SSZ; 
 if the registration criterion is not met, sending by the SSZ function a first SSZ registration violation message to a system administration function executing on a second network server, the first SSZ registration violation message including information relating to the SSZ communication registration request and the SSZ function; 
 if the registration criterion is met, determining by the SSZ function whether a security criterion is met by determining whether the registration communication parameter complies with an SSZ security profile of the SSZ, a first slice security profile of the first slice, and a second slice security profile of the second slice that are stored in the secure storage function; 
 if the security criterion is not met, sending by the SSZ function a second SSZ registration violation message to the system administration function; and 
 if the security criterion is met:
 storing in the secure storage function a communication registration association comprising the first NF ID, the first slice ID, the second NF ID, the second slice ID, and the registration communication parameter; and 
 sending by the SSZ function an SSZ communication registration response to the first NF. 
 
 
     
     
       2. The method of  claim 1 , wherein:
 the first SSZ registration violation message comprises (i) identifiers of the first NF, the first slice, the second NF, the second slice, and the SSZ, and (ii) information relating to which of the first slice, the second slice, the first NF, and the second NF are not registered in the SSZ; and 
 the second SSZ registration violation message comprises (i) identifiers of the first NF, the first slice, the second NF, the second slice, and the SSZ, and (ii) information relating to which security profile(s) of the first slice, the second slice, and the SSZ are not complied with by the registration communication parameter. 
 
     
     
       3. The method of  claim 1 , wherein determining whether the security criterion is met further includes determining whether the registration communication parameter complies with a security profile of the first NF stored in the secure storage function and a security profile of the second NF stored in the secure storage function. 
     
     
       4. The method of  claim 1 , wherein the second slice ID the same as the first slice ID. 
     
     
       5. The method of  claim 1 , wherein the registration communication parameter includes one or more of a slice domain, a slice/service type, or a 5G interface type of a slice in which the NF is executing. 
     
     
       6. The method of  claim 1 , wherein the registration communication parameter includes a throughput, a latency, an availability, a reliability, a jitter, or a bandwidth for registered communication between the first NF and the second NF. 
     
     
       7. The method of  claim 1 , wherein the secure storage function is a hyperledger. 
     
     
       8. A method for enforcing a slice security zone (SSZ) in a 5G network, the method comprising:
 receiving at an SSZ function executing on a first network server an SSZ communication notification request, the SSZ communication notification request received from a first network function (NF), the SSZ communication notification request comprising a first NF identifier (ID) of the first NF, a second NF ID, and an inter-function communication parameter; 
 determining by the SSZ function whether a secure storage function includes a matching communication registration association comprising the first and second NF IDs and a registration communication parameter with which the inter-function communication parameter is compliant; 
 if the secure storage function does not include the matching communication registration association, sending by the SSZ function an SSZ communication violation message to a system administration function; and 
 if the secure storage function includes the matching communication registration association, sending by the SSZ function an SSZ communication notification response to the first NF. 
 
     
     
       9. The method of  claim 8 , further comprising:
 if the secure storage function does not include the matching communication registration association, sending by the SSZ function an SSZ communication denial request to the first NF. 
 
     
     
       10. The method of  claim 8 , wherein the SSZ communication violation message comprises the first NF ID, the second NF ID, and information relating to whether the secure storage function does not include (i) the matching communication registration association comprising the first and second NF IDs or (ii) the registration communication parameter with which the inter-function communication parameter is compliant. 
     
     
       11. The method of  claim 8 , wherein the SSZ communication violation message comprises the first NF ID, the second NF ID, and information relating to the noncompliance of the inter-function communication parameter with the registration communication parameter of the matching communication registration association. 
     
     
       12. The method of  claim 8 , wherein the inter-function communication parameter includes one or more of a slice domain, a slice/service type, a 5G interface type of a slice in which the NF is executing, a throughput, a latency, an availability, a reliability, a jitter, or a bandwidth for registered communication between the first NF and the second NF. 
     
     
       13. The method of  claim 8 , wherein the secure storage function is a hyperledger. 
     
     
       14. The method of  claim 8 , wherein the SSZ function is a virtual network function that manages features of the SSZ. 
     
     
       15. The method of  claim 8 , wherein the SSZ communication notification response comprises information indicating that a requested communication has been authorized. 
     
     
       16. The method of  claim 8 , wherein the SSZ communication violation message comprises a notification that a network element is attempting an unregistered communication. 
     
     
       17. The method of  claim 8 , wherein the first NF is one of a virtual network function or a container network function. 
     
     
       18. The method of  claim 1 , wherein the SSZ function is a virtual network function that manages features of the SSZ. 
     
     
       19. The method of  claim 1 , wherein the communication registration response comprises information indicating that a requested communication has been registered. 
     
     
       20. The method of  claim 1 , wherein the first NF is one of a virtual network function or a container network function.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.